Fake CIA, FBI E-Mails Power Sober Worm

Several new versions of the "Sober" e-mail worm have been mass-spammed to millions of e-mail boxes over the last 72 hours, posing as messages from the FBI and the CIA warning recipients that their Internet address has been implicated in illegal activity online.

The messages obviously were not sent by either agency, but any recipient who opens the attachment carried in the e-mail may indeed soon find their computer involved in a variety of illegal activities at the hands of the virus authors. Both the CIA and the FBI have posted warnings about this latest worm on their Web sites.

FBI spokesperson Cathy Milhoan said the agency has been swamped with calls from people who received the e-mails, because the message includes the actual phone number for FBI headquarters in Washington. She said FBI operators have had their hands full routing calls and complaints to the bureau's Internet Crime Complaint Center (IC3) in West Virginia, which received more than 4,000 complaints about the worm on Monday alone. The IC3 typically receives 18,000 complaints each month.

Finnish anti-virus firm F-Secure calls the latest Sober outbreak the largest e-mail worm epidemic so far this year. UK-based e-mail security company MessageLabs said it has intercepted more than 2.7 million copies of Sober and its variants, noting that "the size of the attack indicates that this is a major offensive, certainly one of the largest in the last few months."

The criminals behind the Sober family of worms usually release several variants at once, each one altered slightly to evade detection by anti-virus software. Releasing several at once widens the window of exposure, because security firms often take several hours to push out the new virus definitions their software needs to spot each variant.

The Sober worm uses its own e-mail engine to blast copies of itself to every address it finds on an infected computer. It kills a long list of security applications that may be running, including anti-virus and firewall software, and prevents the victim from visiting a long list of security-related Web sites, so once a machine is infected, a scan run on that machine itself proves nothing. Finally, it opens a backdoor on the infected machine, allowing attackers to upload whatever software they want.

As usual, be extremely cautious about clicking on links and opening e-mail attachments, even if they appear to come from someone you know. As Sober illustrates, you cannot always depend on scanning an attachment with anti-virus software to be sure it is safe to open. If you have any doubts about the integrity of an attachment or weren't expecting it, contact the person who sent it, and do so by some means other than replying to the message, since the sender address on an e-mail is trivially forged (these messages, after all, claim to come from the FBI and CIA).

Some people are insane (blowing themselves up so they can get a few more virgins--still haven't met one on earth), and some people are just jerks. They don't have a voice because nobody will listen because they ARE nuts, so they perpetuate their upset behaviour by making viruses/worms so they can sit in the dark and giggle? Losers (capital 'L').

These aren't merely jerks or anti-social people developing and releasing these worms. These are criminals who are doing it for illicit gain.

And they are able to operate in this manner, to take over YOUR computer, because of Windows' basic insecurity. I've had enough. I'm switching to Mac. It might be a little more expensive, but I am sick of all the downtime I have with Windows. My time is valuable.

Tony Fingerelbo, Windows isn't as much of a security issue as some of the dumb people that use it. I received the message but never opened the attachment. If people who use Windows weren't so stupid, they could be skeptics first and delete this sort of thing instead of opening the wrong window (no pun intended) and spreading it to the rest of the world. :)

Installing and using a Linux-based operating system is one of the easiest ways to avoid this kind of problem. I personally recommend SuSE, because it can be installed over the Internet. That means you don't even need installation DVDs to get a modern, full-featured PC operating system that is immune from 99% of current viruses. Of course, once enough users figure this out, the criminal element will shift their attention to Linux. When that happens, the open source software community will respond instantly with creative fixes and make a great operating system even better. Oh, and did I mention that Linux is free?

Well, you can download SuSE OSS 10 now, but the kernel isn't supported with a variety of software yet, so you're stuck buying version 9.6-10 for at least $56, which is inexpensive, but people need more technological knowledge (e.g. running gcc in a terminal to compile and install a program, etc.), the type of know-how that would prevent people from opening strange e-mails too, wouldn't it? Free, probably not; inexpensive, sure. :)

"... they ARE nuts, so they perpetuate their upset behaviour by making viruses/worms so they can sit in the dark and giggle? Losers (capital 'L')."

Hmm... why don't you try to write/code... at least a prog that will "kill" all anti-virus and firewall kinds of software running on your very own shiny Windows box... and once you do it, you can call the author of the Sober.* worms a loser :o)

What's particularly worrisome about this virus is that it uses good spelling! The virus writer, unlike most of his predecessors, actually knows English grammar and punctuation. Poorly written text was a major flaw of many past email worms.

Actually, I get to see viruses and all that stuff in the e-mails that I download... AND the anti-virus, anti-spam, anti-adware, etc. never see it...
Using this nice thing called Magic Mail Monitor [freeware], you see all your e-mails as ASCII text and any binaries as some sort of BinHex, UUE, UUX, Base64, etc. [the same things that are on newsgroups to ensure all of their software is in ASCII text form and legal in 98% of all countries], and the telling difference, for the most part, is when you see an ASCII TEXT [HTML is all ASCII text] message that is encoded in the binary formats and starts off with

    NAME OF FILE = I Love You.html
    CODE NUMBER
    --------------0000015889999aaa1122000007

and then you have this binary-encoded message:

    Mhsdfhufsdfhjff-+-=098765gsdfgseh^%$#@ki
    Muiopwethbjcv^%#$#{}:>
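A way to do in code what the comment above describes doing by eye with a raw-mail viewer, and to apply the caution the article ends with (an attachment's name and declared type prove nothing about its contents): the Python script below is an added example, not code from the article, from any commenter, or from the Magic Mail Monitor tool. It parses a raw RFC 822 message with the standard library's email package, lists every attachment with its declared file name and content type, decodes the Base64 body, and compares the declared type against the first bytes of the actual content. The sample message, its FBI-style wording, the magic-byte table and the executable-extension list are all constructed or assumed for this example; the attachment name "I Love You.html" is borrowed from the comment, and its body is a fake MZ header, not a real program.

```python
"""Inspect a raw e-mail's MIME structure without rendering or opening it.

Added example (not from the article or its commenters). It flags an
attachment when its decoded bytes carry an executable or archive signature,
when that signature contradicts the declared MIME type, or when the file
name uses a double or executable extension.
"""
from __future__ import annotations

import email
from email import policy
from email.message import EmailMessage

# Magic-byte signatures. Assumed table for the example; extend as needed.
MAGIC = {
    b"MZ": "windows-executable",
    b"PK\x03\x04": "zip-archive",
    b"\xd0\xcf\x11\xe0": "ole-compound-document",
    b"%PDF": "pdf",
}

# Extensions Windows runs on double-click. Assumed list for the example.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes: a MAGIC kind, 'text' or 'unknown'."""
    for sig, kind in MAGIC.items():
        if data.startswith(sig):
            return kind
    try:
        data.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "unknown"


def inspect_attachment(part) -> dict:
    """Describe one MIME part that carries a file name and say why it is suspect."""
    name = part.get_filename() or ""
    declared = part.get_content_type()
    data = part.get_payload(decode=True) or b""   # undoes base64/quoted-printable
    kind = sniff(data)
    exts = name.lower().split(".")[1:]
    reasons = []
    if kind == "windows-executable":
        reasons.append("content starts with an MZ (Windows executable) header")
    if declared.startswith("text/") and kind in MAGIC.values():
        reasons.append(f"declared {declared} but content looks like {kind}")
    if len(exts) > 1:
        reasons.append("double extension: ." + ".".join(exts))
    if exts and exts[-1] in EXECUTABLE_EXTS:
        reasons.append(f"executable extension .{exts[-1]}")
    return {"name": name, "declared": declared, "sniffed": kind,
            "size": len(data), "suspicious": bool(reasons), "reasons": reasons}


def inspect_message(raw: bytes) -> list[dict]:
    """Parse raw message bytes and report every part that has a file name."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [inspect_attachment(p) for p in msg.walk() if p.get_filename()]


def build_sample() -> bytes:
    """Construct a message in the shape the article describes (entirely made up)."""
    msg = EmailMessage()
    msg["From"] = "Federal Bureau of Investigation <noreply@example.invalid>"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Your IP was logged"
    msg.set_content("We have logged your Internet address on illegal websites. "
                    "Please answer the questions in the attached document.")
    # Fake PE image: MZ header plus padding. Not a runnable program.
    fake_pe = b"MZ\x90\x00" + bytes(60) + b"PE\x00\x00" + bytes(64)
    # Declared as HTML so that the name and type look harmless in a mail client.
    msg.add_attachment(fake_pe, maintype="text", subtype="html",
                       filename="I Love You.html")
    msg.add_attachment("just text", subtype="plain", filename="notes.txt")
    return bytes(msg)


if __name__ == "__main__":
    for report in inspect_message(build_sample()):
        flag = "SUSPICIOUS" if report["suspicious"] else "ok"
        print(f"{flag:10} {report['name']!r} declared={report['declared']} "
              f"sniffed={report['sniffed']} size={report['size']}")
        for reason in report["reasons"]:
            print(f"           - {reason}")
```

The check is deliberately independent of any anti-virus signature: it asks only whether the bytes inside the Base64 blob are what the headers claim they are, which is exactly the mismatch a raw-mail viewer lets a person spot. A real deployment would also unpack archives and look inside them, since a .zip declared as application/zip is consistent on its face.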